SANS GXPN Review

[cd1zz]

As promised, my review of the Corelan course:
http://www.pwnag3.com/2012/12/corelan-exploit-development-live.html

[Dark_Knight]

OSCE vs GXPN vs Corelan...go


 

[hayabusa]

OSCE vs GXPN vs Corelan...go


 

^^ ++1 

[tturner]

http://infiltratecon.com/training.html ?

[ajohnson]

The Corelan course was the best training I've ever done, hands-down.

I'll try to throw up a review by the end of the year as well (slammed with work, prepping for fast-approaching OSCE), but rest assured, it's awesome.

Given how few opportunities there are to do it, jump at it if you ever get the chance. I'm obviously glad I did.

[cd1zz]

Because they're all different, I'll organize this by two goals: 1) get better at exploit dev, 2) get better at pen testing

Goal - Ninjasize your Exploit Dev Skills
Order of complexity from lowest to highest: GXPN, OSCE, Corelan.

Keep in mind, the GXPN covers more than exploit dev. OSCE is 90% exploit dev and Corelan is 100%

Corelan covers more advanced exploit dev topics than OSCE and GXPN. For example, he literally went through how the Vupen guys won Pwn2Own, step by step. Blew my mind.

OSCE and Corelan are 100% windows, GXPN does both nix and windows.

Goal - Ninjasize your Pen Test Skills
Corelan isnt going to help. OSCE might help a little, but GXPN is going to win in this category. A better track for this goal is probably GPEN -> GXPN -> OSCP, or some variation of the G courses, but keeping OSCP in there

They all have some overlap and if you can take them all, they really compliment each other. Hope that helps.

[cd1zz]

@tturner I've heard the Immunity Master Course kicks ass. That's hopefully next year.
http://www.infiltratecon.com/training.html#MasterClass

[Dark_Knight]

So my next question is, when if EVER do you use your exploit-dev skills on a pentest? Most environments can be pwned without needing the heavy artillery not so?

Your response maybe that I said most, but how often do you get to go up against an environment that requires OSCE etc skillz?

[cd1zz]

Valid question. Yes, in my experience on internal network pen tests it's not that difficult to get domain admin. I haven't had to use these skills on regular pen tests that often. I might have to modify a PoC or a busted metasploit module, but other than that, nothing too complex.

However, in my role at work, I'm doing more than network pen tests slammed into short time windows. We're looking at hardware, custom apps, etc that the client wants in depth testing on, over long periods of time. Writing an exploit for custom software is exactly what they're paying for. I wish these were every week, but they're not that often.

[ajohnson]

@tturner I've heard the Immunity Master Course kicks ass. That's hopefully next year.
http://www.infiltratecon.com/training.html#MasterClass

Yea, that looks amazing. I'll need to wait until I find an employer that'll foot that bill though.

I assume they offer the NOP exam there. That'd be a fun one to try.

[UNIX]

Nice review, cd1zz. So were there many topics covered which are not already covered in his public tutorials?

[cd1zz]

Not a lot, in fact he refers to them for more information. However, the value in having him there is picking up on how he thinks about things or all his little tricks.

[azmatt]

That was a really good review man.

[UNIX]

I was told that GPEN is required in order to sit for the GXPN exam, however, I couldn't find such statement on the official website. Can anyone confirm whether GPEN is required for GXPN or not? I might give it a try this year, so I'm wondering.

[cd1zz]

Nope, not a requirement. Might be a suggestion, but not a req.